If you followed the instructions in my May 21 Top Story to build new systems without installing the trouble-prone Windows Genuine Advantage app, you may want to patch your PC using something other than Windows Update, which offers again and again to install WGA.

My favorite third-party software update service is currently the Shavlik Patch Google Gadget, although Secunia’s Personal Software Inspector is a worthwhile alternative.

In today’s article, I compare several third-party patching tools that act as replacements for Windows Update and Microsoft Update. (Windows Update patches only Windows itself, whereas the more-thorough Microsoft Update finds patches for Microsoft applications in addition to Windows.)

My conclusion: You need to pick one tool you like best and stick with it. An update service may work well for one person and not so well for another, depending on your specific needs and preferences. One good patch checker should be all you need.

UPDATE 2009-07-30: In her July 30, 2009, Top Story, Susan Bradley describes patches that protect against two new vulnerabilities that target Internet Explorer and other applications. The existence of security threats such as these underlines the importance of using third-party patching tools to keep your apps up-to-date.

The following are the best and worst features of what I consider the four most-significant updaters for home users and small businesses:

Shavlik Patch Google Gadget. The biggest factor in this service’s favor is that I’ve come to trust Shavlik. I use the company’s business-class patch platform at my office. That tool has correctly identified many programs that Microsoft’s own updaters got wrong.

The Patch Gadget’s biggest drawback is its reliance on the Google Desktop program. In 2006, several reports questioned Google Desktop’s ability to keep your search activities private. One such report is available as a downloadable PDF from the University of Michigan. The school’s Information Technology Security Services went so far as to recommend against deploying Google Desktop.

I’m also concerned about Google Desktop’s use of your PC’s resources as well as its annoying news pop-ups. I wouldn’t blame you one bit if you uninstalled Google Desktop each time you finished using the Shavlik update tool and reinstalled it only when the time came to check for patches again.

Secunia Online Software Inspector (OSI). The online version of Secunia’s software-update service lets you scan your system for security patches without your having to install anything. Unfortunately, the service requires Java to run and doesn’t work well within the new Internet Explorer 8, although you could try running the service in IE 8’s compatibility mode.

More importantly, OSI sometimes generates inconsistent results, requiring that you scan your system repeatedly. For example, the service properly noted that I had two versions of the Java Runtime Environment on a test XP system: the outdated version 6.7 and the most-recent version 6.13. However, OSI didn’t instruct me to uninstall Java 6.7.
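One way to catch the leftover-version case described above, where an outdated runtime stays installed beside the current one, is to group the installed-software inventory by product and list every version found. This is an added example, not part of the original article or of any Secunia tool; the function names and the sample inventory are constructed, and the name normalization is a heuristic whose matches should be reviewed by hand.

```powershell
# Added example, not from the article. Function names are illustrative.

# Read installed programs from the standard Uninstall registry keys
# (native view, 32-bit view on 64-bit Windows, and per-user installs).
function Get-InstalledSoftware {
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.DisplayVersion } |
        Select-Object DisplayName, DisplayVersion
}

# Group entries that differ only by version and report every product that has
# more than one distinct version installed.
function Find-SideBySideVersions {
    param([Parameter(Mandatory = $true)] [object[]] $Inventory)

    $groups = $Inventory | Group-Object -Property {
        # Heuristic: drop "Update N" and a trailing version number, so that
        # "Java(TM) 6 Update 7" and "Java(TM) 6 Update 13" share one key.
        ($_.DisplayName -replace '\s+Update\s+\d+', '' -replace '\s+[\d\.]+$', '').Trim()
    }

    foreach ($g in $groups) {
        $versions = @($g.Group | Select-Object -ExpandProperty DisplayVersion | Sort-Object -Unique)
        if ($versions.Count -lt 2) { continue }

        # Compare as [version] where the string parses; anything else sorts last.
        $sorted = @($versions | Sort-Object -Descending -Property {
            $v = $_ -as [version]
            if ($v) { $v } else { [version]'0.0' }
        })

        [pscustomobject]@{
            Product  = $g.Name
            Newest   = $sorted[0]
            Leftover = @($sorted | Select-Object -Skip 1)
        }
    }
}

# Constructed sample inventory (not captured from a real machine).
$sample = @(
    [pscustomobject]@{ DisplayName = 'Java(TM) 6 Update 7';  DisplayVersion = '6.0.70'  }
    [pscustomobject]@{ DisplayName = 'Java(TM) 6 Update 13'; DisplayVersion = '6.0.130' }
    [pscustomobject]@{ DisplayName = 'Example Reader 9';     DisplayVersion = '9.1.0'   }
)
Find-SideBySideVersions -Inventory $sample | Format-List

# On a live system:
# Find-SideBySideVersions -Inventory (Get-InstalledSoftware) | Format-List
```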

Secunia Personal Software Inspector (PSI). Secunia’s standalone updater is more robust than the firm’s online scanner. In addition, the installed updater constantly checks your PC to determine whether your software is fully patched. However, when I’ve used PSI to update machines, on rare occasions the scan has failed and I’ve had to reinstall PSI to get it to scan properly.

Even worse, many of the scanner’s results are inconsistent. If you use PSI, I recommend that you run Secunia’s OSI online scan in addition to PSI, just to double-check the standalone scanner’s results.

For more information on the Personal Software Inspector, visit Secunia’s site.

Belarc Advisor. This venerable and free system-maintenance utility has an interface only a geek could love. The program provides information on all the software on your PC, including serial numbers and key codes. It also lists all hardware installed and other information about your system.

Unfortunately, Belarc reports only on missing Microsoft patches. If you’re looking for a tool that updates only Windows and Microsoft apps, this program may be the only updater you need. However, anyone looking for a tool that identifies out-of-date third-party software should use one of the updaters described above.

Figure 1. In one case, the Shavlik Patch Google Gadget identified on a test machine an out-of-date version of the Adobe Flash Player 6, a fact that Secunia’s Personal Software Inspector had missed.

Although I’m not thrilled with Shavlik’s use of Google Desktop as its platform, I do like its thoroughness.

Secunia’s tool recently missed the fact that a test machine I was scanning was running an unpatched build of Adobe Flash Player 6. Shavlik correctly pointed me to an Adobe alert indicating that the version of the player on my test PC was seriously out-of-date. (See Figure 1.)

Interestingly, the Shavlik updater also proactively recommended that I install the patch described in Microsoft Knowledge Base article 953155 for the Internet Printing service.

While this printing service isn’t installed on most Windows XP systems, it could be used on some — which explains why you want to patch proactively. Neither Secunia’s PSI nor Microsoft’s own updater indicated that the new patch was missing on my XP SP3 machine.

Once you’ve installed the Shavlik Patch Google Gadget, click Begin Scan. When the scan is done, choose View details, accept the product’s EULA (the first time you use it), and install any of the patches the program offers you — except WGA.

Whichever third-party updater you choose, be sure to run it on all your PCs within a few days of each Patch Tuesday — the second Tuesday of the month — when Microsoft releases new patches.

If you prefer, you can run Redmond’s own Microsoft Update and then follow that scan with a Shavlik or Secunia scan to catch patches needed for non-Microsoft applications.

But today, third-party scanning programs have progressed to the point where they can keep all your Microsoft software and all your major non-Microsoft software safely patched. That’s a claim Microsoft Update can’t make.

Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.

False readings from the Windows Genuine Advantage (WGA) applet were described in a May 21 Top Story by contributing editor Susan Bradley, who described a way to install Windows XP without ever downloading or running WGA.

If you’ve already installed WGA on XP, however, a program known as Autoruns — which is downloadable from Microsoft.com — lets you easily deactivate the applet.

In addition to Susan’s articles on the subject, Dennis O’Reilly’s Known Issues column on May 21 featured comments by readers who’d been seriously affected by erroneous “nongenuine” readings from WGA.

Susan linked to WGA removal instructions provided by Microsoft (see Knowledge Base article 921914), but she reported that the steps work only on early, “pilot” versions of WGA, not later versions.

WS reader Eric Levy suggests a simple way for legitimate Windows users who are suffering from false positives to disable WGA: Autoruns. This is a free program developed by SysInternals, a company started by developers Mark Russinovich and Bryce Cogswell and acquired in 2006 by Microsoft:

“In Susan Bradley’s article, ‘Get all security patches without WGA nightmares,’ she mentions having to deal with the WGA tool at boot if Automatic Updates automatically installed it. She states that you either have to let it run or click Cancel every time you boot.

“Unhappily, I’ve already had to deal with this very issue and have found a beautiful way out of it. The first time it comes up, click Cancel to stop the WGA tool from setting itself up. Once the desktop is loaded and stabilized, execute autoruns.exe from SysInternals (Microsoft).

“Select the Scheduled Tasks tab and remove the check mark next to the line that contains the Windows Genuine Advantage tool….

“That’s it! Problem solved. Mark Russinovich comes through again!”

Figure 1. Uncheck the WGA entry (not shown in this figure) under the Scheduled Tasks tab of Autoruns to stop the validator from running.

There are other ways to edit entries in Scheduled Tasks, but Autoruns is a great utility that all Windows users should have at hand. You can download Autoruns from the utility’s page on Microsoft’s TechNet site. The download page also includes instructions for using the program.

For more details on how to detect and configure WGA in XP and Vista, see WS contributor Scott Dunn’s Nov. 29, 2007, article.

WGA morphs into Windows Activation Technologies

Susan’s article also elicited a response from Microsoft spokeswoman Jill Lovato. Susan had mentioned that WGA will be renamed Windows Activation Technologies (WAT) in the forthcoming Windows 7. Jill pointed to a blog post by Alex Kochis, director of Microsoft’s Genuine Windows program, who says:

“As many of you know, our online validation program, known as Windows Genuine Advantage, is a program designed for use with Windows XP…. As a result of the success of WGA, we built validation technology into Windows Vista from the beginning. These components were new and were built for use in Windows Vista. The same components, though tuned up a bit, form the basis of our activation and validation technology in Windows 7. To better reflect this latest generation of technology, we will refer to the activation and validation components in Windows Vista and Windows 7 by a new name, Windows Activation Technologies.”

Microsoft posts statements about how WGA works in XP and Vista on its MS Genuine Advantage Program information page. Windows Secrets will cover the behavior of WAT in future stories.

Reader Eric Levy will receive a gift certificate for a book, CD, or DVD of his choice for sending a tip we printed. Send us your tips via the Windows Secrets contact page.

The Known Issues column brings you readers’ comments on our recent articles. Brian Livingston is editorial director of WindowsSecrets.com.

If you’re like me, you’ve got a stack of books you’ve been meaning to read that just doesn’t seem to get any smaller. Somehow, the idiosyncrasies of everyday life always manage to trump any reading time I’ve set aside … but what do you expect me to do? Ignore the season finale of “The Biggest Loser”?!? Come on!

Finally, the folks at Amazon.com have it all figured out with the Kindle 3, their newest release. Check out this commercial parody of the company’s, ahem, novel approach to reading that will make a bookworm out of even the most-determined ignoramus. I can’t wait to read that new Ben Stiller book!

Unintentionally reformatting a drive is one of the biggest mistakes you can make on a PC, but it doesn’t have to be a total disaster.

With care, you just might get everything on the wiped disk or partition back the way it was.

What to do when you reformat the wrong drive

Stephen Yale had what he aptly describes as an “aaaargh!” moment:

“I had a 750GB external USB drive connected [to my PC]. I inserted a small 32MB thumb drive to reformat from NTFS to FAT32 and use as a boot disk. I went through the process of formatting the drive whilst talking to a colleague on the telephone. Inadvertently, I formatted the 750GB external USB drive instead of the thumb drive. Aaaargh!

“What can I do — if anything — to recover the data from the drive? Am I hosed or is there a chance of recovery?”

Don’t feel too bad, Stephen. Anyone who works on PCs long enough will — sooner or later — reformat the wrong drive or partition. I confess: I’ve done it, too!

In fact, the increasing use of digital cameras is making this type of error more common. You see, when you “initialize” a camera’s memory, you’re really formatting a solid-state hard drive. (Most cameras use utterly standard FAT16 or FAT32 disk formatting.)

People who would never reformat a PC’s drive will almost surely “initialize” or reformat a digital camera’s solid-state drive many times over the years they own the device. Sooner or later, almost everyone will have a reformatting “aaaargh” moment!

Whether you’re cleaning the machine of a friend or family member — or battening the hatches of your own PC — it’s handy to use security tools that do the job quickly and simply.

One tip I’ve learned: before running any antispyware or antivirus apps, clean out temp files to make your subsequent scans faster.

Dump temp files before scanning for malware

Joe Montgomery wrote in to tell me about a great security time-saver:

“As someone who cleans computers as a retirement hobby and pocket-money earner, the first thing I always do is clear all temp files from the computer.”

Joe, you’re absolutely right. I do this, too, but it never occurred to me to add this step to my security instructions for readers nor to look for a tool to help. Joe pointed me to ADDPCs’ free Temp File Cleaner utility, which you can download from the company’s site.

As Joe explained, malware often hides in temp directories. Cleaning out these folders beforehand significantly reduces the scan time for your antivirus and antispyware tools. Let me mention two caveats about using this particular tool:

It requires Java 6 to run.

The utility’s aggressive default settings delete patch-uninstall files and system-restore points. Deleting these files won’t break anything but will prevent you from uninstalling the patches or going back to those restore points. If these settings concern you, you can turn them off in the program’s options.
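A narrower version of the same pre-scan cleanup can be scripted so that it touches only the temp folders and leaves patch-uninstall files and restore points alone. This is an added example, not part of the original article and not the Temp File Cleaner utility's own code; the function name, parameters, log location and extension list are assumptions.

```powershell
# Added example, not from the article. Clear-TempBeforeScan and its parameters
# are illustrative names.
function Clear-TempBeforeScan {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Only the per-user and system temp folders are in scope. Patch-uninstall
        # files and System Restore points live elsewhere and are never touched.
        [string[]] $Path = @($env:TEMP, (Join-Path $env:windir 'Temp')),
        # Skip recently written files, which are likely still in use.
        [int]      $OlderThanDays = 2,
        [string]   $LogPath = (Join-Path $env:USERPROFILE 'temp-cleanup-log.csv')
    )

    $cutoff  = (Get-Date).AddDays(-$OlderThanDays)
    $execExt = '.exe', '.dll', '.scr', '.bat', '.cmd', '.vbs', '.js'
    $dirs    = @($Path | Where-Object { $_ -and (Test-Path -LiteralPath $_) })

    foreach ($dir in $dirs) {
        $old = @(Get-ChildItem -LiteralPath $dir -Recurse -Force -File -ErrorAction SilentlyContinue |
                 Where-Object { $_.LastWriteTime -lt $cutoff })

        # Record executable content (path, size, SHA-256) before it is deleted,
        # so that a later malware finding can still be traced back to a file.
        $old | Where-Object { $execExt -contains $_.Extension } |
            Select-Object FullName, Length, LastWriteTime,
                @{ Name = 'SHA256'; Expression = {
                    (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash } } |
            Export-Csv -Path $LogPath -Append -NoTypeInformation

        $removed = 0
        foreach ($file in $old) {
            if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete temp file')) {
                Remove-Item -LiteralPath $file.FullName -Force -ErrorAction SilentlyContinue
                if (-not (Test-Path -LiteralPath $file.FullName)) { $removed++ }
            }
        }

        # One summary row per folder.
        $bytes = ($old | Measure-Object -Property Length -Sum).Sum
        [pscustomobject]@{
            Directory  = $dir
            Candidates = $old.Count
            Removed    = $removed
            SizeMB     = [math]::Round([double]$bytes / 1MB, 1)
        }
    }
}

# Preview only: -WhatIf lists what would be deleted without removing anything.
Clear-TempBeforeScan -WhatIf
```

Run it without `-WhatIf` from an elevated prompt to perform the deletion, then start the antivirus or antispyware scan.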

Free antispyware tool has a bombastic name

I’ve received many reader recommendations for an antispyware tool I’d never heard of before: SUPERAntiSpyware.

With a name like that, I assumed that the program had to be bogus. But it is, in fact, a legitimate antispyware program, despite the exuberant name.

You may already have been offered version 8 of Microsoft’s Internet Explorer browser via Windows’ built-in Automatic Updates routine, but you should be aware that some Web sites don’t work with the new release.

In my testing, IE 8’s security and compatibility settings cause problems with some sites, and XP users must first uninstall SP3 in order to remove the latest build of IE.

IE 8 is prechecked in XP and Vista updates

If you use XP, you’ll see Internet Explorer 8 listed as a “high-priority update” in Windows’ Automatic Update tool. (See Figure 1.) In Vista, IE 8 is included among the updates rated “Important” by Microsoft. The Redmond company is implying that IE 8 is a security patch, not just a revised version of its Web browser.

Surprisingly, if you’ve configured Automatic Update to “download but do not install,” as I recommend, or if you use Windows Update to scan manually for patches, you’ll notice that IE 8 is prechecked to download automatically. Yikes!

The Microsoft Update blog states that IE 8 won’t install automatically. On one of my test machines, I turned off Automatic Updates and left the machine running for several days to see whether IE 8 would be installed automatically. It never happened. This will be good news to users who wish to control the changes made to their PCs.

In my tests of Internet Explorer 8, I found that a few Web sites choked on the browser’s new security and compatibility settings. For example, while I was traveling, one airline’s boarding-pass application wouldn’t print properly. Some folks also report that third-party firewalls are causing IE 8 slowdowns.

Microsoft periodically sends out automated updates to its so-called IE 8 Compatibility View List. By tracking which sites IE 8 users choose to open in Compatibility View, Microsoft adds sites that break in IE 8 to this list. The process is described in Knowledge Base article 969497.

Sites on the latest list downloaded by IE 8 will open in the browser’s Compatibility View automatically. But you can also choose this setting manually when you encounter a site that doesn’t work well in IE 8. To do so, select Compatibility View Settings on the Tools menu, enter the site’s URL, click Add, choose Close, and reload the page.

If you encounter sites that conflict with IE 8, you can also run the Fix it routine described in KB article 957700 to roll back to IE 7.

Service Pack 2 for Vista, Server 2008 on tap

While the tech world has been enthralled with Windows 7 recently, Vista has been quietly winning new converts. On April 28, Service Pack 2 for Vista and Windows Server 2008 was released to manufacturing. This service pack will soon be available via Windows Update and Windows Software Update Services (WSUS), as was announced last week on the Microsoft Update blog.

A few prerequisites must be installed before applying the service pack, as described in KB article 955430. However, you presumably already installed these patches on your systems in late April.

My tests revealed no problems installing or running the service pack on Vista, Windows Server 2008, and Small Business Server 2008. However, some programs (described in KB article 969707) won’t run after you install the service pack. These include WebRoot’s Spy Sweeper, Eusing’s Free Registry Cleaner, and Microsoft’s own Application Virtualization program.

905474

Follow-up on steps to avoid WGA Notifications

After seeing my May 21 Top Story on updating Windows without WGA, several readers told me about other ways to avoid WGA if you accidentally start to download the notification patch. (The WGA Notifications app is described in KB article 905474.)

If you accidentally started the installation of WGA Notifications, you can avoid completing it by clicking Next and then “I Do Not Agree” when asked whether you accept the EULA. Finally, click Cancel, which terminates the installation of the program and prevents the update from being installed. (See Figure 2.)

Figure 2. Select “I Do Not Agree” to avoid installing WGA Notifications if you started the process accidentally.

That doesn’t mean that the WGA update won’t be back, however. Be prepared to avoid it all over again the next time you see it listed among the Windows patches.

Keep in mind that Windows activation is not the same as WGA validation. There still may be times when your system needs to be reactivated, such as when you make significant hardware changes. In my case, a new hard drive caused Vista to request a reactivation.

Vista SP2 reportedly improves the accuracy of the reactivation process, as documented in KB article 971656. For example, under previous versions of Windows, if you docked a laptop and recently updated a storage driver, you might have triggered reactivation. The new service pack deletes “removable hardware” from its out-of-tolerance algorithm.

The reactivation procedure looks for changes in such items as the motherboard, hard drive, video card, and others. If enough of these items change, the system will need to be reactivated. Normally, a phone call to Microsoft and an explanation of what happened is all that’s required to receive a new activation key.

See this week’s Known Issues column for more on WGA workarounds.

Create a do-it-yourself Windows update CD

Several readers asked for a way to slipstream XP Service Pack 3 into their installation media or for an easier way to fully patch a rebuilt system.

The most obvious method is to build your own SP3 slipstream media. The Lifehacker site offers a good how-to page that describes the process step by step.

An alternative is to create a patch CD. There are several options for doing this, one of which is presented on the PatchMate site. The Windows Updates Downloader site and AutoPatcher — a resource that many Windows Secrets readers have suggested — provide alternative approaches to the same end.

Any of these sites will help you do what Microsoft is failing to do: give us a way to update our Windows installation media so we can legally and easily reinstall our operating systems on the same hardware when the machines become sluggish or need a refresh.

Keep these Windows fixes on the shelf for now

I’m frequently asked which Windows patches I think you should pass on. The following is my current list of XP patches to which I continue to say, “No, thanks.” Most of these patches are listed in the Optional section of Windows Update:

926139 offers up PowerShell but is not needed for standalone, nonbusiness workstations (unless, of course, you’re actually learning to write scripts in PowerShell). Since the vast majority of PC users don’t even know what PowerShell is — a new command language for administrators — they can skip this update.

940157 adds Windows Search 4 to XP machines. Install this update only on high-performance systems. If you have a low-powered XP PC, Windows Search 4 may cause it to drag a bit.

909520 is an update for smart cards. Since most home PCs don’t use smart cards, this is another skip-it patch.

943729 adds Group Policy preferences to XP. In its defense, let me say that I consider this update to be mandatory on my Small Business Server network. The patch gives me new ways to map drives, add printers, and perform all sorts of magical controls on the server from my office workstations. However, I absolutely don’t install this update on home systems, which have no need for Group Policy settings. Home PC users can pass on this patch.

By contrast, 931125 is one patch that some home users actually may want to install. It updates Windows’ list of the Secure Sockets Layer (SSL) root certificates used on many e-commerce sites. I recommend that online shoppers install this update because it helps you remain secure when making purchases on various sites.

963032

Home Server screen resolution gets an update

I recently saw an early warning for the Windows Home Server patch that’s described in KB article 963032. But the document said only that a patch to fix a high-priority, nonsecurity problem would come out on Tuesday, May 26. I thought the update might address a backup problem or some other serious issue.

When I finally received the update, I realized that it merely addresses a display problem that causes the character-mode console to display incorrectly on computers with screen resolutions lower than 1024 by 768. That’s not exactly a high-priority, life-or-death situation to me.

I suppose this might be a big deal for you if your home network consists entirely of netbooks. But it strikes me as odd that such a large patch would be released for what seems to be a trivial matter for most users.

971620

Microsoft Office Server’s service-pack oopsie

Regular readers of this column know that I advocate waiting a few weeks or months before applying service packs. Recent problems with SharePoint Server 2007, Project Server 2007, Form Server 2007, Search Server 2008, and Search Server 2008 Express showcase why it rarely pays to be among the first “service-pack guinea pigs.”

A hotfix will be released for the Office Server glitch. Alternatively, re-entering the product key resolves the issue, as described in KB article 971620.

Always remember: You’ll rarely need to rush to install a service pack, which is often a rollup of previously released updates.

The Patch Watch column reveals problems with patches for Windows and major Windows applications. Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.

YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets is a continuation of four merged publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com. All other marks are the trademarks or service marks of their respective owners.

HOW TO SUBSCRIBE: Anyone may subscribe to this newsletter by visiting our free signup page.
